Field
The present disclosure generally relates to a database management system. More specifically, the present disclosure relates to techniques and systems for securing a database configuration from undesired modifications.
Related Art
A change management procedure is critical for safely applying changes to an information system. However, it is oftentimes challenging to ensure that a change to a database system is performed in a secure manner without compromising prior security configuration. This is because a change to the database can modify a security configuration for a database object that is critical for many different aspects of the database system. If the change operation is not performed correctly, it can introduce a seemingly insignificant change to the database object which can results in undesirable security breaches.
For example, applying a patch for one database application may alter a security configuration for a database object that is used by a plurality of database applications. It is possible that a modification to the configuration of this database object may render this configuration invalid for other database applications. In a further example, it is possible that applying a patch may grant an additional privilege to a role which grants a set of users unintended access to sensitive data.
Moreover, large organizations typically require many database administrators to work together to manage an information system. These individual database administrators can have privileged access which allows them to modify the configuration of the information system. As the number of database administrators grows, it becomes increasingly difficult to ensure that all database administrators understand and enforce a uniform system-wide security policy. It is critical that these organizations ensure that a security configuration is safely protected from any malicious or unintended alteration performed by a privileged user.